package org.zht.dormpro.auth.shiro.realm;

import com.xiaoleilu.hutool.util.CollectionUtil;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.zht.dormpro.auth.bean.AuthUser;
import org.zht.dormpro.pub.constant.Enums;
import org.zht.dormpro.pub.exception.LoginStatusException;
import org.zht.dormpro.auth.model.SysPermission;
import org.zht.dormpro.auth.model.SysUser;
import org.zht.dormpro.auth.service.ISysUserService;

import java.util.List;

public class AuthRealm extends AuthorizingRealm {
    @Autowired
    private ISysUserService sysUserService;
    @Override
    public String getName() {
        return "AuthRealm";
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String usercode = (String) authenticationToken.getPrincipal();
        SysUser sysUser = sysUserService.getSysUserByUsercode(usercode);
        if(sysUser!=null){
            if(!sysUser.getUsercode().equals(usercode)) {
                throw new LoginStatusException(Enums.LoginStatus.LOGIN_FAILER.getDesc());
            }
            if(sysUser.getLocked()==1){
                throw new LoginStatusException(Enums.LoginStatus.LOGIN_FORBIDDEN.getDesc());
            }
        } else {
            throw new LoginStatusException(Enums.LoginStatus.LOGIN_FAILER.getDesc());
        }
        String password = sysUser.getPassword();
        String salt = sysUser.getSalt();
        //查询用户基本信息放入authUser
        AuthUser authUser = new AuthUser();
        authUser.setUsercode(sysUser.getUsercode());
        authUser.setUserId(sysUser.getId());
        authUser.setUsername(sysUser.getUsername());
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(authUser,password, ByteSource.Util.bytes(salt),getName());
        return simpleAuthenticationInfo;
    }
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //获取当前认证用户
        AuthUser authUser = (AuthUser) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        //针对此账号放开所有权限
        if(authUser.getUsercode().equals("superEtouch")){
            authorizationInfo.addStringPermission("*:*:*");
        } else {
            Integer userid = authUser.getUserId();
            //查询所有权限
            List<SysPermission> permissions = sysUserService.getPermissionListById(userid);
            if(CollectionUtil.isNotEmpty(permissions)){
                for (SysPermission permission : permissions) {
                    authorizationInfo.addStringPermission(permission.getPermsCode());
                }
            }
        }
        return authorizationInfo;
    }
}
